How to develop an effective audit methodology
How to develop an effective audit methodology
A top priority for almost all compliance officers is performing audits to measure their compliance efforts. (See Compliance Hotline, Oct. 22, 2001, "How to develop an effective audit protocol.") Sheryl Vacca, a director with Deloitte and Touche in Sacramento, CA, says that before compliance officers develop an audit methodology plan, they must assemble a team. "It is important for you to develop your team from within and decide who that team is going to be," she says.
According to Vacca, it’s important to know what other departments are doing because those departments may not look at the same areas from a compliance perspective. "They may look at it as documentation issue," she explains. "They are not tying it necessarily to a claim."
Vacca says one group that should be represented is legal. The legal department can help perform investigations and help define the worst case scenario that can occur as a result, she explains. In addition, compliance officers are more likely to get the buy-in from senior management if they are able to warn them about what could potentially come out of the audit, she adds. "Then they know ahead of time what is going on and they can be prepared for that potential."
It also is important to include risk management, she says. "They have a whole different view on life when it comes to certain areas, and they also have great assets," she explains.
Internal audit should be part of the team as well. "If you don’t have your own internal audit group, at least find someone who is skilled in the audit methodology," says Vacca. "Whether they are knowledgeable in the risk area or not, they are knowledgeable regarding methodology, and you never know where your audit results are going to go," she explains.
In terms of resources, Vacca says compliance officers must use what they have. "That is the reality of the situation," she asserts. "You are not going to be able to have third parties come in and do your reviews or your audits 100% of the time."
It also is critical that compliance officers identify who is going to be responsible for the resolution. "That is not the compliance officer’s responsibility," Vacca warns. "They have oversight into that, but the people who own it need to take care of the problem and make sure it is resolved."
In a broader sense, it can spell trouble when a compliance officer’s job description makes him or her responsible for compliance within the organization, warns Dan Roach, vice president and corporate compliance officer for Catholic Healthcare West. "My belief is that the compliance officer should be responsible for developing the processes, the policies, and procedures for developing the education programs, for developing the reviews and shepherding the compliance process, but ultimately is it operation in an organization that is responsible for compliance."
He says it is the role of the chief operating officer or somebody else to ensure that the department heads actually are implementing the program that compliance officers develop. "There are very few health care systems that I am aware of where the compliance officer has the authority to hire and fire people at the operating level, and that is the ultimate trump card," he explains.
According to Roach, audit processes do not always require external review. Processes can be developed where departments evaluate their own work along with some type of oversight or limited review of the work that they have done to make sure they are applying the criteria appropriately.
"That is a way to push the auditing down into the organization," argues Roach. Doing so also will serve a useful education function for the organization, he says.
Roach says compliance officers also must consider whether to use a concurrent or retrospective review. Most lawyers typically prefer some type of a concurrent review rather than a retrospective review, because a retrospective review can cause a lot of problems, he says.
But the downside to concurrent review is that many times you don’t have the complete picture, and it is typically more difficult to generate results.
Roach says that a distinction sometimes is made between accounting and auditing. "As a lawyer, I don’t particularly care whether we call it a review or we call it an audit," he says. "If we identify situations where we have been overpaid, we have the same legal obligation to correct it."
Roach says that any time overpayments are discovered, the money must be returned to the fiscal intermediary even if the cases are isolated and not part of a pattern. "But unless there is a significant pattern or evidence of some kind of intentional wrongdoing or reckless disregard, it probably should stop at the [fiscal intermediary]," he adds.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.